bug report: receiving address checked against LDAP  #3538

@ToxicMushroom

📝 Preliminary Checks

  • I tried searching for an existing issue and followed the debugging docs advice, but still need assistance.

👀 What Happened?

Today I converted my docker-mailserver to use LDAP as the authentication mechanism.
Receiving mail works well, from outside (e.g. @gmail.com) and inside (@melijn.com).
Sending email between internal users (@melijn.com) works.
Sending emails to mailboxes outside (e.g. @gmail.com) does not.

I did not see any mention of configuration for which addresses you can send to, unless I misunderstood the docs: https://docker-mailserver.github.io/docker-mailserver/latest/config/advanced/auth-ldap/.

👟 Reproduction Steps

Env: mail-server.env.txt

LDAP Search query:

```
I have no name!@d0d034e122f5:/$ ldapsearch -x -H ldaps://ldap.melijn.com -b 'dc=melijn,dc=com' -D "cn=admin,dc=melijn,dc=com" -W "(&(objectClass=inetOrgPerson)([email protected]))"
# extended LDIF
#
# LDAPv3
# base <dc=melijn,dc=com> with scope subtree
# filter: (&(objectClass=inetOrgPerson)([email protected]))
# requesting: ALL
#

# merlijn, users, melijn.com
dn: cn=merlijn,ou=users,dc=melijn,dc=com
givenName: redacted1
sn: redacted2
cn: merlijn
uid: merlijn
uidNumber: 1002
gidNumber: 500
homeDirectory: /home/users/merlijn
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
mail: [email protected]
userPassword:: redacted

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```

🐋 DMS Version

v12.1.0

💻 Operating System and Architecture

5.4.0-162-generic #179-Ubuntu

⚙️ Container configuration files

```yaml
version: '3.7'

services:
  mail:
    image: mailserver/docker-mailserver:latest
    hostname: mail
    domainname: melijn.com
    container_name: mail
    ports:
      - "25:25"
      - "143:143"
      - "587:587"
      - "993:993"
    volumes:
      - maildata:/var/mail
      - mailstate:/var/mail-state
      - maillogs:/var/log/mail
      - ./config/:/tmp/docker-mailserver/
      - /opt/traefik/acme.json:/etc/letsencrypt/acme.json:ro
    env_file:
      - .env
      - mail-server.env
    networks:
      - proxy_default
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE
    restart: always

  nginx2:
    image: nginx:latest
    container_name: "gen-nginx-mail-cert"
    volumes:
      - /data/www/:/usr/share/nginx/html/
    networks:
      - proxy_default
    labels:
      - "traefik.http.routers.certgen.rule=Host(`mail.melijn.com`)"
      - "traefik.enable=true"
      - "traefik.http.services.certgen.loadbalancer.server.port=80"
      - "traefik.http.routers.certgen.tls=true"
      - "traefik.http.routers.certgen.entrypoints=websecure"
      - "traefik.http.routers.certgen.tls.certresolver=le"

networks:
  proxy_default:
    external: true

volumes:
  maildata:
  mailstate:
  maillogs:
```

📜 Relevant log output

```
mail                 | Sep 15 18:35:25 mail postfix/submission/smtpd[1005]: connect from 113.168-65-87.adsl-dyn.isp.belgacom.be[87.65.168.113]
mail                 | Sep 15 18:35:26 mail postfix/submission/smtpd[1005]: Anonymous TLS connection established from 113.168-65-87.adsl-dyn.isp.belgacom.be[87.65.168.113]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
mail                 | Sep 15 18:35:26 mail dovecot: imap-login: Login: user=<merlijn>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=1010, secured, session=<dTRgDmoFwIN/AAAB>
mail                 | Sep 15 18:35:26 mail dovecot: imap(merlijn)<1010><dTRgDmoFwIN/AAAB>: Disconnected: Logged out in=16 out=496 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
mail                 | Sep 15 18:35:26 mail postfix/submission/smtpd[1005]: 3F8FA227F4: client=113.168-65-87.adsl-dyn.isp.belgacom.be[87.65.168.113], sasl_method=PLAIN, [email protected]
mail                 | Sep 15 18:35:26 mail postfix/sender-cleanup/cleanup[1012]: 3F8FA227F4: message-id=<[email protected]>
mail                 | Sep 15 18:35:26 mail postfix/sender-cleanup/cleanup[1012]: 3F8FA227F4: replace: header MIME-Version: 1.0 from 113.168-65-87.adsl-dyn.isp.belgacom.be[87.65.168.113]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[192.168.1.33]>: MIME-Version: 1.0
mail                 | Sep 15 18:35:26 mail opendkim[873]: 3F8FA227F4: DKIM-Signature field added (s=mail, d=melijn.com)
mail                 | Sep 15 18:35:26 mail postfix/qmgr[985]: 3F8FA227F4: from=<[email protected]>, size=374, nrcpt=1 (queue active)
mail                 | Sep 15 18:35:26 mail dovecot: imap-login: Login: user=<merlijn>, method=PLAIN, rip=87.65.168.113, lip=172.18.0.25, mpid=1016, TLS, session=<NQJnDmoFDLJXQahx>
mail                 | Sep 15 18:35:26 mail dovecot: imap(merlijn)<1016><NQJnDmoFDLJXQahx>: Disconnected: Logged out in=464 out=624 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
mail                 | Sep 15 18:35:27 mail postfix/smtpd-amavis/smtpd[1018]: connect from localhost[127.0.0.1]
mail                 | Sep 15 18:35:27 mail postfix/smtpd-amavis/smtpd[1018]: E33D722F63: client=localhost[127.0.0.1]
mail                 | Sep 15 18:35:27 mail postfix/cleanup[1019]: E33D722F63: message-id=<[email protected]>
mail                 | Sep 15 18:35:27 mail postfix/qmgr[985]: E33D722F63: from=<[email protected]>, size=1083, nrcpt=1 (queue active)
mail                 | Sep 15 18:35:27 mail amavis[1003]: (01003-01) Passed CLEAN {RelayedOpenRelay}, [87.65.168.113]:54144 [87.65.168.113] <[email protected]> -> <[email protected]>, Queue-ID: 3F8FA227F4, Message-ID: <[email protected]>, mail_id: h6HUMdGGE7aH, Hits: -0.202, size: 871, queued_as: E33D722F63, 1602 ms
mail                 | Sep 15 18:35:27 mail postfix/smtp-amavis/smtp[1013]: 3F8FA227F4: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.7, delays=0.13/0.01/0.01/1.6, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E33D722F63)
mail                 | Sep 15 18:35:27 mail postfix/qmgr[985]: 3F8FA227F4: removed
mail                 | Sep 15 18:35:27 mail dovecot: lmtp(1021): Connect from local
mail                 | Sep 15 18:35:27 mail dovecot: auth: ldap([email protected]): unknown user
mail                 | Sep 15 18:35:27 mail postfix/lmtp[1020]: E33D722F63: to=<[email protected]>, relay=mail.melijn.com[/var/run/dovecot/lmtp], delay=0.06, delays=0.03/0.02/0.01/0.01, dsn=5.1.1, status=bounced (host mail.melijn.com[/var/run/dovecot/lmtp] said: 550 5.1.1 <[email protected]> User doesn't exist: [email protected] (in reply to RCPT TO command))
mail                 | Sep 15 18:35:27 mail dovecot: lmtp(1021): Disconnect from local: Logged out (state=READY)
mail                 | Sep 15 18:35:27 mail postfix/cleanup[1019]: F0B9522F6C: message-id=<[email protected]>
mail                 | Sep 15 18:35:27 mail postfix/qmgr[985]: F0B9522F6C: from=<>, size=3132, nrcpt=1 (queue active)
mail                 | Sep 15 18:35:27 mail postfix/bounce[1022]: E33D722F63: sender non-delivery notification: F0B9522F6C
mail                 | Sep 15 18:35:27 mail postfix/qmgr[985]: E33D722F63: removed
mail                 | Sep 15 18:35:27 mail dovecot: lmtp(1021): Connect from local
mail                 | Sep 15 18:35:28 mail dovecot: lmtp([email protected])<1021><aIdIO++jBGX9AwAADnb+Ww>: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
mail                 | Sep 15 18:35:28 mail postfix/lmtp[1020]: F0B9522F6C: to=<[email protected]>, relay=mail.melijn.com[/var/run/dovecot/lmtp], delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> aIdIO++jBGX9AwAADnb+Ww Saved)
mail                 | Sep 15 18:35:28 mail postfix/qmgr[985]: F0B9522F6C: removed
mail                 | Sep 15 18:35:28 mail dovecot: lmtp(1021): Disconnect from local: Logged out (state=READY)
6504a3ef.37b599b7 0x7fdf9cbfb700 conn=1217 op=0 STARTTLS
6504a3ef.37b726e9 0x7fdf9cbfb700 conn=1217 op=0 RESULT oid= err=0 qtime=0.000014 etime=0.000147 text=
6504a3ef.3848a535 0x7fdfaec9d700 conn=1217 fd=17 TLS established tls_ssf=256 ssf=256 tls_proto=TLSv1.3 tls_cipher=TLS_AES_256_GCM_SHA384
6504a3ef.3868ba21 0x7fdfae49c700 conn=1217 op=1 BIND dn="cn=admin,dc=melijn,dc=com" method=128
6504a3ef.386c6bdf 0x7fdfae49c700 conn=1217 op=1 BIND dn="cn=admin,dc=melijn,dc=com" mech=SIMPLE bind_ssf=0 ssf=256
6504a3ef.387063e8 0x7fdfae49c700 conn=1217 op=1 RESULT tag=97 err=0 qtime=0.000017 etime=0.000565 text=
6504a3ef.3872e2db 0x7fdf9d3fc700 connection_input: conn=1217 deferring operation: binding
6504a3ef.3875e04b 0x7fdfae49c700 conn=1217 op=2 SRCH base="dc=melijn,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)([email protected]))"
6504a3ef.3877bc3d 0x7fdfae49c700 conn=1217 op=2 SRCH attr=mail
6504a3ef.3879b6d3 0x7fdfae49c700 conn=1217 op=2 SEARCH RESULT tag=101 err=0 qtime=0.000173 etime=0.000447 nentries=0 text=
6504a3ef.387f4772 0x7fdf9edfe700 conn=1217 op=3 SRCH base="dc=melijn,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)([email protected]))"
6504a3ef.3880469f 0x7fdf9edfe700 conn=1217 op=3 SRCH attr=mail
6504a3ef.3882fee8 0x7fdf9edfe700 conn=1217 op=3 SEARCH RESULT tag=101 err=0 qtime=0.000018 etime=0.000278 nentries=0 text=
6504a3ef.3888889a 0x7fdfaec9d700 conn=1217 op=4 SRCH base="dc=melijn,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)([email protected]))"
6504a3ef.3888f4e5 0x7fdfaec9d700 conn=1217 op=4 SRCH attr=mail
6504a3ef.388b3c9e 0x7fdfaec9d700 conn=1217 op=4 SEARCH RESULT tag=101 err=0 qtime=0.000017 etime=0.000230 nentries=0 text=
6504a3ef.38900a9d 0x7fdf9d3fc700 conn=1217 op=5 SRCH base="dc=melijn,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)([email protected]))"
6504a3ef.3890982c 0x7fdf9d3fc700 conn=1217 op=5 SRCH attr=mail
6504a3ef.38919a66 0x7fdf9d3fc700 conn=1217 op=5 SEARCH RESULT tag=101 err=0 qtime=0.000015 etime=0.000138 nentries=0 text=
6504a3ef.38af333b 0x7fdf9cbfb700 conn=1215 op=12 SRCH base="dc=melijn,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)(?mailAlias=gmail.com))"
6504a3ef.38b02066 0x7fdf9cbfb700 conn=1215 op=12 SRCH attr=mail
6504a3ef.38b2f6dc 0x7fdf9cbfb700 conn=1215 op=12 SEARCH RESULT tag=101 err=0 qtime=0.000015 etime=0.000283 nentries=0 text=
6504a3ef.38d233bf 0x7fdfae49c700 conn=1215 op=13 SRCH base="dc=melijn,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)(?mailGroupMember=gmail.com))"
6504a3ef.38d67ec0 0x7fdfae49c700 conn=1215 op=13 SRCH attr=mail
6504a3ef.38d9c769 0x7fdfae49c700 conn=1215 op=13 SEARCH RESULT tag=101 err=0 qtime=0.000021 etime=0.000538 nentries=0 text=
6504a3ef.38dff81b 0x7fdf9edfe700 conn=1215 op=14 SRCH base="dc=melijn,dc=com" scope=2 deref=0 filter="(mail=*@gmail.com)"
6504a3ef.38e0bf31 0x7fdf9edfe700 conn=1215 op=14 SRCH attr=mail
6504a3ef.38e49388 0x7fdf9edfe700 conn=1215 op=14 SEARCH RESULT tag=101 err=0 qtime=0.000018 etime=0.000331 nentries=1 text=
6504a3ef.3a4586dc 0x7fdfaec9d700 conn=1214 op=8 SRCH base="dc=melijn,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)(uid=pixelhamsteryt))"
6504a3ef.3a46f557 0x7fdfaec9d700 conn=1214 op=8 SRCH attr=uid gidNumber
6504a3ef.3a4afd7e 0x7fdfaec9d700 conn=1214 op=8 SEARCH RESULT tag=101 err=0 qtime=0.000030 etime=0.000429 nentries=0 text=
6504a3ef.3ad4ed41 0x7fdf9d3fc700 conn=1217 op=6 SRCH base="dc=melijn,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)([email protected]))"
6504a3ef.3ad5df8c 0x7fdf9d3fc700 conn=1217 op=6 SRCH attr=mail
```


### Improvements to this form?

_No response_
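
Added example (not part of the original issue or of docker-mailserver's code): in the slapd log above, the only gmail.com lookup that returns an entry is the wildcard filter `(mail=*@gmail.com)`, with `nentries=1`. This Python sketch pairs each `SRCH` filter with its `SEARCH RESULT` by `conn`/`op` and lists wildcard-domain filters that matched for a domain outside the hosted set; the log lines and `example.*` domains are constructed, and the function names are hypothetical.

```python
import re

# Constructed slapd log lines in the same format as the issue's log (example domains only).
SAMPLE_LOG = """\
6504a3ef.3875e04b 0x7f01 conn=1217 op=2 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)(mail=bob@example.net))"
6504a3ef.3877bc3d 0x7f01 conn=1217 op=2 SRCH attr=mail
6504a3ef.3879b6d3 0x7f01 conn=1217 op=2 SEARCH RESULT tag=101 err=0 qtime=0.000173 etime=0.000447 nentries=0 text=
6504a3ef.38dff81b 0x7f02 conn=1215 op=14 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(mail=*@example.net)"
6504a3ef.38e0bf31 0x7f02 conn=1215 op=14 SRCH attr=mail
6504a3ef.38e49388 0x7f02 conn=1215 op=14 SEARCH RESULT tag=101 err=0 qtime=0.000018 etime=0.000331 nentries=1 text=
6504a3ef.38f00000 0x7f02 conn=1215 op=15 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(mail=*@example.com)"
6504a3ef.38f10000 0x7f02 conn=1215 op=15 SEARCH RESULT tag=101 err=0 qtime=0.000018 etime=0.000331 nentries=3 text=
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="[^"]*" .*filter="(.*)"$')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*nentries=(\d+)')
WILDCARD_DOMAIN = re.compile(r'\(mail=\*@([^)]+)\)')

def pair_searches(log):
    """Join each SRCH filter with its SEARCH RESULT via the (conn, op) key."""
    pending, paired = {}, []
    for line in log.splitlines():
        m = SRCH.search(line)
        if m:
            pending[(m[1], m[2])] = m[3]
            continue
        m = RESULT.search(line)
        if m and (m[1], m[2]) in pending:
            paired.append((pending.pop((m[1], m[2])), int(m[3])))
    return paired

def foreign_domain_hits(log, hosted):
    """Domains a wildcard mail filter matched (nentries > 0) that are not hosted here."""
    hosted = {d.lower() for d in hosted}
    hits = set()
    for flt, nentries in pair_searches(log):
        m = WILDCARD_DOMAIN.search(flt)
        if m and nentries > 0 and m[1].lower() not in hosted:
            hits.add(m[1].lower())
    return sorted(hits)

if __name__ == "__main__":
    print(foreign_domain_hits(SAMPLE_LOG, {"example.com"}))
```

A hit for a domain you do not host means at least one directory entry carries a `mail` value at that domain.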
